DGM/GM- Info Security/CISO-Mumbai - Corporate Chemistry

    Corporate Chemistry
    Corporate Chemistry Mumbai, India

    1 week ago

    Default job background
    Full time
    Description

    Job Title: Information Security Lead/CISO

    Level: DGM/GM

    Job Description:

    As the Information Security Lead, you will be responsible for overseeing and implementing comprehensive information security programs, policies, and procedures to protect our organizations critical assets and ensure compliance with regulatory requirements. You will collaborate with cross-functional teams, conduct risk assessments, develop and implement security controls, and provide leadership in incident response and security awareness training. The ideal candidate is a proactive and detail-oriented professional with a deep understanding of information security principles and a proven track record in leading security initiatives.

    Responsibilities:

    1. Develop and maintain an information security strategy and roadmap aligned with organizational goals and industry best practices.

    2. Lead the design, implementation, and management of information security programs, policies, and procedures to protect against unauthorized access, data breaches, and other security incidents.

    3. Conduct regular risk assessments and vulnerability assessments to identify potential security risks, and develop and execute plans to mitigate these risks.

    4. Collaborate with cross-functional teams to ensure security requirements are embedded in system and software development lifecycle processes.

    5. Implement and manage security controls, such as firewalls, intrusion detection/prevention systems, encryption technologies, access controls, and security incident and event management (SIEM) systems.

    6. Responsible for independently handling Information Security Incident Events & Response.

    7. Responsible for thorough review, triage & escalation of detected & user reported security incidents & events.

    8. Responsible for InfoSec Incident Tracking & case management.

    9. Responsible for performing root cause analysis and devising corrective actions.

    10. Responsible for digital forensics dealing with the process of preservation, identification,

    extraction & documentation of computer / digital evidence.

    11. Strong understanding of digital forensic concepts and tools related to Memory Forensics,

    Imaging, Live Forensic, Carving, Network Forensic and timeline Analysis etc.

    12. Responsible for handling Threat Scenarios, Exploits, Vulnerabilities & Mitigation Strategies.

    13. Responsible for developing Security incident response policies, protocols and procedures.

    14. Lead incident response efforts, including investigating security incidents, coordinating

    remediation activities, and conducting post-incident reviews.

    15. Stay up-to-date with the latest information security trends, threats, and technologies, and make recommendations for enhancements to the organizations security posture.

    16. Conduct security awareness training and promote a culture of security awareness among employees.

    17. Monitor and analyze security events and alerts to identify potential security incidents or

    breaches.

    18. Collaborate with internal and external stakeholders, such as auditors, regulators, and vendors,

    to ensure compliance with relevant regulations and standards.

    19. Manage relationships with external security service providers and vendors.

    20. Provide guidance and mentorship to junior members of the information security team.

    Essential Requirements

    1. End to End knowledge on Security Incident Alerts & Management.

    2. Comprehensive knowledge on Security Operations (Endpoint Security, Data Leakage Prevention, Endpoint Encryption, SIEM, IDS/IPS, Firewalls, CASB, SAST / DAST, Secure SDLC, VAPT, and CCM etc.

    3. People Management Experience.

    4. Ready to take ownership on the key deliverables with minimal handholding and drive

    independently.

    Qualifications:

    Bachelor's degree in Computer Science, Information Systems, or a related field. Relevant

    certifications (e.g., CISSP, CISM, CRISC) are highly desirable.

    Proven experience (10+ years) in information security roles, with a focus on designing,

    implementing, and managing information security programs and controls.

    Deep knowledge of information security principles, standards, frameworks (e.g., ISO 27001, NIST Cybersecurity Framework), and regulatory requirements (e.g., GDPR, HIPAA).

    Strong understanding of networking protocols, system administration, and secure coding

    practices.

    Experience with security technologies and tools, such as firewalls, SIEM systems, vulnerability scanners, and intrusion detection/prevention systems.

    Familiarity with cloud security concepts and technologies (e.g., AWS, Azure) is a plus.

    Excellent analytical and problem-solving skills, with the ability to assess complex security risks and recommend appropriate solutions.

    Strong leadership and communication skills, with the ability to collaborate effectively with

    stakeholders at all levels of the organization.

    Demonstrated ability to manage multiple projects and priorities in a fast-paced environment.

    Up-to-date knowledge of the latest security threats, vulnerabilities, and attack vectors.

    Experience in conducting security awareness training and promoting a security-conscious culture.

    If interested, kindly share your Cv for further process to

    Regards,

    Anisha Nair